Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/HCP_VD8b4mdOe-JGMnyHgo--hZk.roa
File:                     HCP_VD8b4mdOe-JGMnyHgo--hZk.roa (raw, json)
Hash identifier:          pvyLcGlIGecUMoV5M5GsvygFi1vo3vW9jA4G5vks5kw=
Subject key identifier:   1C:23:FF:54:3F:1B:E2:67:4E:7B:E2:46:32:7C:87:82:8F:BE:85:99
Certificate issuer:       /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial:       019D200DF661A25DF6A4145ECCB4F34D1D32
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/HCP_VD8b4mdOe-JGMnyHgo--hZk.roa
Signing time:             Tue 24 Mar 2026 13:34:39 +0000
ROA not before:           Tue 24 Mar 2026 13:34:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199915
IP address blocks:        116.204.164.0/24 maxlen: 24
                          222.167.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 23:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:20:0d:f6:61:a2:5d:f6:a4:14:5e:cc:b4:f3:4d:1d:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
        Validity
            Not Before: Mar 24 13:34:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1c23ff543f1be2674e7be246327c87828fbe8599
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:3a:e1:49:48:86:f2:6f:f2:d3:94:8d:2e:e2:
                    bd:af:a8:97:ba:8c:27:ac:d4:d5:0a:1d:a3:80:16:
                    7a:0e:d2:60:4c:68:75:bf:4b:c1:ea:4b:c1:cd:84:
                    58:87:5d:b2:f7:c0:24:bf:87:ba:8b:68:5a:39:9f:
                    07:bd:df:db:dc:21:d5:a7:00:1e:03:17:7c:dc:f5:
                    d2:42:7f:14:62:95:6a:8e:67:9d:e2:b0:19:5e:af:
                    85:5e:05:c5:2a:cd:05:b6:cc:c4:8e:ef:a5:19:d7:
                    da:4c:0f:31:19:48:3f:a5:2c:eb:56:02:29:2a:77:
                    93:43:36:27:78:95:16:65:db:12:a5:fe:41:f0:14:
                    3c:02:28:da:b3:44:84:ae:8d:e4:1e:35:fa:57:4c:
                    fe:75:e9:2d:e1:2c:9b:13:19:5e:d3:df:6a:6b:fd:
                    d2:80:55:50:93:b7:99:bf:0f:5c:11:65:37:7f:c4:
                    39:fe:5f:e9:6c:89:be:d0:ef:1a:c2:ca:f7:5b:8e:
                    b5:d4:77:cf:27:d7:13:c7:85:11:6c:b8:ab:cc:b4:
                    70:94:c4:ca:27:7c:cf:e4:8e:41:12:80:d8:f2:5e:
                    94:66:a2:cf:7f:da:73:66:8c:6b:3e:bb:35:b2:cd:
                    a7:1b:27:bb:52:54:c5:c7:cd:4c:5c:16:af:2a:e5:
                    f3:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:23:FF:54:3F:1B:E2:67:4E:7B:E2:46:32:7C:87:82:8F:BE:85:99
            X509v3 Authority Key Identifier:
                keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/HCP_VD8b4mdOe-JGMnyHgo--hZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  116.204.164.0/24
                  222.167.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:b9:67:eb:da:45:25:25:2d:d7:df:12:68:f8:09:e3:b5:47:
         3f:f7:6f:e0:5b:3a:33:68:eb:24:33:0a:31:e2:91:db:ce:91:
         cc:11:fa:6e:3c:e4:d9:71:cf:e4:35:70:44:17:1b:69:4e:83:
         03:52:d8:e9:29:fc:61:d1:8a:dc:6f:57:e9:07:66:6c:5e:26:
         88:3d:d8:29:7f:61:3c:ba:e2:ec:36:eb:23:11:bf:a6:9f:19:
         9d:18:50:09:c7:35:3a:c5:34:53:d5:ec:dc:74:2f:f5:d8:09:
         64:b8:1c:db:a7:0c:87:49:14:2e:15:1e:8e:5a:ca:e1:71:6a:
         af:e2:34:c1:8f:25:23:e5:d0:c6:2c:a4:2d:57:88:2a:cf:ba:
         52:b0:a6:68:b8:73:20:66:c0:33:00:ea:90:9c:fa:05:73:4b:
         2e:ff:62:df:77:69:4b:d2:c3:91:40:26:45:aa:02:2e:03:fe:
         95:f9:f8:66:15:ea:37:31:c7:01:44:76:50:15:ca:4a:bb:a6:
         91:bd:ce:fa:6e:4a:47:36:5d:f3:d3:f6:49:1c:57:31:e3:83:
         42:c3:5b:d5:c1:26:75:0d:a7:9d:82:76:92:d1:2e:73:c2:66:
         5a:1e:4e:2e:04:fe:d1:e5:81:ff:78:55:68:39:59:6f:0e:91:
         c2:3f:27:6d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0gDfZhol32pBRezLTzTR0yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwMzI0MTMzNDM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzIzZmY1NDNmMWJlMjY3NGU3YmUyNDYzMjdjODc4MjhmYmU4NTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtzrhSUiG8m/y05SNLuK9r6iXuown
rNTVCh2jgBZ6DtJgTGh1v0vB6kvBzYRYh12y98Akv4e6i2haOZ8Hvd/b3CHVpwAe
Axd83PXSQn8UYpVqjmed4rAZXq+FXgXFKs0FtszEju+lGdfaTA8xGUg/pSzrVgIp
KneTQzYneJUWZdsSpf5B8BQ8Aijas0SEro3kHjX6V0z+dekt4SybExle099qa/3S
gFVQk7eZvw9cEWU3f8Q5/l/pbIm+0O8awsr3W4611HfPJ9cTx4URbLirzLRwlMTK
J3zP5I5BEoDY8l6UZqLPf9pzZoxrPrs1ss2nGye7UlTFx81MXBavKuXzxQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBwj/1Q/G+JnTnviRjJ8h4KPvoWZMB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEvSENQX1ZEOGI0bWRPZS1KR01ueUhnby0taFprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAdMykAwQA
3qf/MA0GCSqGSIb3DQEBCwUAA4IBAQBsuWfr2kUlJS3X3xJo+AnjtUc/92/gWzoz
aOskMwox4pHbzpHMEfpuPOTZcc/kNXBEFxtpToMDUtjpKfxh0Yrcb1fpB2ZsXiaI
Pdgpf2E8uuLsNusjEb+mnxmdGFAJxzU6xTRT1ezcdC/12AlkuBzbpwyHSRQuFR6O
WsrhcWqv4jTBjyUj5dDGLKQtV4gqz7pSsKZouHMgZsAzAOqQnPoFc0su/2Lfd2lL
0sORQCZFqgIuA/6V+fhmFeo3MccBRHZQFcpKu6aRvc76bkpHNl3z0/ZJHFcx44NC
w1vVwSZ1DaedgnaS0S5zwmZaHk4uBP7R5YH/eFVoOVlvDpHCPydt
-----END CERTIFICATE-----